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IN THE CLAIMS 

1. (Currently amended) A portable security system for managing 
access to a portable data storage cartridge, said data storage 
cartridge having data storage media for storing data for 
read/write access by a user of a data storage drive when mounted 
in said data storage drive, said portable security system 
comprising: 

a wireless interface mounted in said portable data storage 
cartridge for receiving power and data from, and sending data to, 
said data storage drive when mounted in said data storage drive; 
and 

a computer processor mounted in said portable data storage 
cartridge separate from said data storage media, and coupled to 
said wireless interface; said computer processor powered by said 
wireless interface and receiving and transmitting data to said 
data storage drive via said wireless interface; said computer 
processor having a user table comprising at least a unique user 
identifier for each authorized user and at least one permitted 
activity said user is authorized to conduct with respect to said 
data storage media, said user identifier, when combined with a 
user authentication message from said authorized user in 
accordance with a predetermined algorithm, authorizes said user; 
said computer processor receiving said user authentication 
messages from said data storage drive via said wireless 
interface, combining said user authentication message with at 
least part of said user identifier from said user table in 
accordance with said predetermined algorithm to authorize or deny 
said user activity, and transmitting said user authorization or 
denial to said data storage drive via said wireless interface. 

2. (Original) The portable security system of Claim 1, wherein 
said wireless interface comprises an RF interface. 
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3. (Original) The portable security system of Claim 1, wherein 
each said user identifier comprises a user symbol and a user 
decrypting key, wherein said user authentication message 
comprises an encrypted user authentication message which may be 
decrypted by said user decrypting key, and wherein said computer 
processor conducts said combination by decrypting said user 
authentication message by said user decrypting key. 

4. (Original) The portable security system of Claim 3, wherein 
said user decrypting key comprises a sender public key, and 
wherein said predetermined algorithm comprises a public key 
cryptographic algorithm. 

5. (Original) The portable security system of Claim 4, wherein 
said user authentication message is encrypted by a sender private 
key and a receiver public key, and wherein said public key 
cryptographic algorithm decrypts said user authentication message 
employing a receiver private key and said sender public key, 
whereby said user authentication message is known to have come 
from said user. 

6. (Original) The portable security system of Claim 1, wherein 
said computer processor user table permitted activities comprise 
a plurality of permitted activities, selected ones of which each 
of said users may be authorized to conduct, said permitted 
activities comprising 1) read access to data stored in said data 
storage media, 2) write access to data stored in said data 
storage media, 3) read the user entry of said user table, 4) read 
all entries of said user table, 5) add entries to said user 
table, and 6) change/delete entries to said user table. 
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7. (Original) The portable security system of Claim 1, wherein 
said computer processor user table comprises a separate entry for 
each said user identifier and said permitted activity said user 
is authorized to conduct. 

8. (Original) The portable security system of Claim 1, wherein 
said computer processor user table comprises a separate entry for 
each said user identifier, said entry comprising all said 
permitted activities said user is authorized to conduct. 

9. (Original) The portable security system of Claim 1, wherein 
said computer processor additionally comprises a nonvolatile 
memory storing said user table. 

10. (Original) The portable security system of Claim 1, wherein 
said computer processor additionally comprises a class table 
comprising at least a unique class identifier for each authorized 
class of users and at least one permitted activity said class of 
users is authorized to conduct with respect to said data storage 
media, said class identifier, when combined with a user 
authentication message from a user of said authorized class of 
users in accordance with said predetermined algorithm, authorizes 
said user; and wherein said computer processor additionally, upon 
receiving said user authentication messages from said data 
storage drive via said wireless interface, combining said user 
authentication message with said class identifier from said class 
table in accordance with said predetermined algorithm to 
authorize or deny said class activity to said user, and 
transmitting said class authorization or denial to said data 
storage drive via said wireless interface. 



4 



TUC919990050US1 



Appl. No.: 09/435,899 

Amdt. dated: December 1, 2005 

Reply to Office action of 09/12/2005 

11 . (Original) The portable security system of Claim 10, wherein 
said computer processor user table additionally comprises any 
class membership of each said user, wherein said user may be 
authorized with respect to said class table either by said class 
authorization or by said user authorization. 

12. (Original) The portable security system of Claim 10, wherein 
said computer processor user table and said class table permitted 
activities comprise a plurality of permitted activities, selected 
ones of which each of said users may be authorized to conduct, 
said permitted activities comprising 1) read access to data 
stored in said data storage media, 2) write access to data stored 
in said data storage media, 3) read all entries of said class 
table, 4) add entries to said class table, and 5) change/delete 
entries to said class table. 

13. (Original) The portable security system of Claim 10, wherein 
said computer processor additionally comprises a nonvolatile 
memory storing said user table and said class table. 

14 . (Original) The portable security system of Claim 1, wherein 
said data stored in said data storage media is encrypted, wherein 
said computer processor user table permitted activities comprise 
at least 1) read access to data stored in said data storage 
media, and wherein said user authorization for said read access 
additionally comprises a decryption key for said encrypted stored 
data. 

15. (Currently amended) A data storage cartridge for storing 
data for read/write access by a user of a data storage drive when 
mounted in said data storage drive, comprising: 

data storage media mounted in said data storage cartridge 
for storing said data for said read/write access; 
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a wireless interface mounted in said portable data storage 
cartridge for receiving power and data from, and sending data to, 
said data storage drive when mounted in said data storage drive; 
and 

a computer processor mounted in said portable data storage 
cartridge separate from said data storage media, and coupled to 
said wireless interface; said computer processor powered by said 
wireless interface and receiving and transmitting data to said 
data storage drive via said wireless interface; said computer 
processor having a user table comprising at least a unique user 
identifier for each authorized user and at least one permitted 
activity said user is authorized to conduct with respect to said 
data storage media, said user identifier, when combined with a 
user authentication message from said authorized user in 
accordance with a predetermined algorithm, authorizes said user; 
said computer processor receiving said user authentication 
messages from said data storage drive via said wireless 
interface, combining said user authentication message with at 
least part of said user identifier from said user table in 
accordance with said predetermined algorithm to authorize or deny 
said user activity, and transmitting said user authorization or 
denial to said data storage drive via said wireless interface. 

16. (Original) The data storage cartridge of Claim 15, wherein 
said wireless interface comprises an RF interface. 

17. (Original) The data storage cartridge of Claim 15, wherein 
each said user identifier comprises a user symbol and a user 
decrypting key, wherein said user authentication message 
comprises an encrypted user authentication message which may be 
decrypted by said user decrypting key, and wherein said computer 
processor conducts said combination by decrypting said user 
authentication message by said user decrypting key. 
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18. (Original) The data storage cartridge of Claim 17, wherein 
said user decrypting key comprises a sender public key, and 
wherein said predetermined algorithm comprises a public key 
cryptographic algorithm. 

19. (Original) The data storage cartridge of Claim 18, wherein 
said user authentication message is encrypted by a sender private 
key and a receiver public key, and wherein said public key 
cryptographic algorithm decrypts said user authentication message 
employing a receiver private key and said sender public key, 
whereby said user authentication message is known to have come 
from said user. 

20. (Original) The data storage cartridge of Claim 15, wherein 
said computer processor user table permitted activities comprise 
a plurality of permitted activities, selected ones of which each 
of said users may be authorized to conduct, said permitted 
activities comprising 1) read access to data stored in said data 
storage media, 2) write access to data stored in said data 
storage media, 3) read the user entry of said user table, 4) read 
all entries of said user table, 5) add entries to said user 
table, and 6) change/delete entries to said user table. 

21 . (Original) The data storage cartridge of Claim 15, wherein 
said computer processor user table comprises a separate entry for 
each said user identifier and said permitted activity said user 
is authorized to conduct. 

22. (Original) The data storage cartridge of Claim 15 wherein 
said computer processor user table comprises a separate entry for 
each said user identifier, said entry comprising all said 
permitted activities said user is authorized to conduct. 
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23. (Original) The data storage cartridge of Claim 15, wherein 
said computer processor additionally comprises a nonvolatile 
memory storing said user table. 

24 . (Original) The data storage cartridge of Claim 15, wherein 
said computer processor additionally comprises a class table 
comprising at least a unique class identifier for each authorized 
class of users and at least one permitted activity said class of 
users is authorized to conduct with respect to said data storage 
media, said class identifier, when combined with a user 
authentication message from a user of said authorized class of 
users in accordance with said predetermined algorithm, authorizes 
said user; and wherein said computer processor additionally, upon 
receiving said user authentication messages from said data 
storage drive via said wireless interface, combining said user 
authentication message with said class identifier from said class 
table in accordance with said predetermined algorithm to 
authorize or deny said class activity to said user, and 
transmitting said class authorization or denial to said data 
storage drive via said wireless interface. 

25. (Original) The data storage cartridge of Claim 24, wherein 
said computer processor user table additionally comprises any 
class membership of each said user, wherein said user may be 
authorized with respect to said class table either by said class 
authorization or by said user authorization. 

26. (Original) The data storage cartridge of Claim 24, wherein 
said computer processor user table and said class table permitted 
activities comprise a plurality of permitted activities, selected 
ones of which each of said users may be authorized to conduct, 
said permitted activities comprising 1) read access to data 
stored in said data storage media, 2) write access to data stored 
in said data storage media, 3) read all entries of said class 
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table, 4) add entries to said class table, and 5) change/delete 
entries to said class table. 

27. (Original) The data storage cartridge of Claim 24, wherein 
said computer processor additionally comprises a nonvolatile 
memory storing said user table and said class table. 

28. (Original) The data storage cartridge of Claim 15, wherein 
said data stored in said data storage media is encrypted, wherein 
said computer processor user table permitted activities comprise 
at least 1) read access to data stored in said data storage 
media, and wherein said user authorization for said read access 
additionally comprises a decryption key for said encrypted stored 
data . 

29. (Currently amended) A method for providing a portable secure 
interface to a data storage cartridge, said data storage 
cartridge having data storage media for storing data for 
read/write access by a user of a data storage drive when mounted 
in said data storage drive, and a wireless interface mounted in 
said portable data storage cartridge for receiving power and data 
from, and sending data to, said data storage drive when mounted 
in said data storage drive, said data storage cartridge having a 
user table separate from said data storage media, comprising at 
least a unique user identifier for each authorized user and at 
least one permitted activity said user is authorized to conduct 
with respect to said data storage media, said user identifier, 
when combined with a user authentication message from said 
authorized user in accordance with a predetermined algorithm, 
authorizes said user, said method comprising the steps of: 

receiving said user authentication messages from said data 
storage drive via said wireless interface; 

separate from said data storage media, combining said user 
authentication message with at least part of said user identifier 
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from said user table in accordance with said predetermined 
algorithm to authorize or deny said user activity; and 

transmitting said user authorization or denial to said data 
storage drive via said wireless interface. 

30. (Original) The method of Claim 29, wherein each said user 
identifier comprises a user symbol and a user decrypting key, 
wherein said user authentication message comprises an encrypted 
user authentication message which may be decrypted by said user 
decrypting key, and wherein said combining step comprises 
decrypting said user authentication message by said user 
decrypting key. 

31. (Original) The method of Claim 30, wherein said user 
decrypting key comprises a sender public key, and wherein said 
predetermined algorithm comprises a public key cryptographic 
algorithm. 

32. (Original) The method of Claim 31, wherein said user 
authentication message is encrypted by a sender private key and a 
receiver public key, wherein said public key cryptographic 
algorithm decrypts said user authentication message employing a 
receiver private key and said sender public key, and wherein said 
combining step comprises decrypting said user authentication 
message by said receiver private key and said sender public key, 
whereby said user authentication message is known to have come 
from said user. 

33. (Original) The method of Claim 29, wherein said user table 
comprises a plurality of said permitted activities, selected ones 
of which each of said users may be authorized to conduct, said 
permitted activities comprising 1) read access to data stored in 
said data storage media, 2) write access to data stored in said 
data storage media, 3) read the user entry of said user table, 4) 
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read all entries of said user table, 5) add entries to said user 
table, and 6) change/delete entries to said user table; and 
wherein said transmitting step comprises transmitting 
authorization to conduct the selected said user permitted 
activities said user is authorized to conduct. 

34 . (Original) The method of Claim 29, wherein said user table 
comprises a separate entry for each said user identifier and said 
permitted activity said user is authorized to conduct; and 
wherein said transmitting step additionally comprises identifying 
said user permitted activities from said separate entries. 

35. (Original) The method of Claim 29, wherein said step of 
providing said user table comprises a separate entry for each 
said user identifier, said entry comprising all said permitted 
activities said user is authorized to conduct; and wherein said 
transmitting step additionally comprises identifying said user 
permitted activities from said user separate entry. 

36. (Original) The method of Claim 29, wherein said data storage 
cartridge additionally comprises a class table comprising at 
least a unique class identifier for each authorized class of 
users and at least one permitted activity said class of users is 
authorized to conduct with respect to said data storage media, 
said class identifier, when combined with a user authentication 
message from a user of said authorized class of users in 
accordance with said predetermined algorithm, authorizes said 
user; 

wherein said combining step additionally comprises, upon 
receiving said user authentication messages from said data 
storage drive via said wireless interface, combining said user 
authentication message with said class identifier from said class 
table in accordance with said predetermined algorithm to 
authorize or deny said class activity to said user; and 

11 TUC919990050US1 



Appl. No. : 09/435,899 

Amdt. dated: December l f 2005 

Reply to Office action of 09/12/2005 

wherein said transmitting step additionally comprises 
transmitting said class authorization or denial to said data 
storage drive via said wireless interface. 

37. (Original) The method of Claim 36, wherein said user table 
additionally comprises any class membership of each said user; 
and wherein said combining step additionally authorizes said user 
with respect to said class table either by said class 
authorization or by said user authorization. 

38. (Original) The method of Claim 36, wherein said user table 
and said class table comprise a plurality of permitted 
activities, selected ones of which each of said users may be 
authorized to conduct, said permitted activities comprising 1) 
read access to data stored in said data storage media, 2) write 
access to data stored in said data storage media, 3) read all 
entries of said class table, 4) add entries to said class table, 
and 5) change/delete entries to said class table; and wherein 
said transmitting step comprises transmitting authorization to 
conduct the selected said user and said class permitted 
activities said user is authorized to conduct. 

39. (Original) The method of Claim 29, wherein said data stored 
in said data storage media is encrypted, wherein said step of 
providing said user table permitted activities comprises 
providing at least 1) read access to data stored in said data 
storage media, and wherein said step of transmitting said user 
authorization for said read access additionally comprises 
transmitting a decryption key for said encrypted stored data. 

40. (Currently amended) A computer program product usable with a 
programmable computer processor having computer readable program 
code embodied therein for providing a secure interface to a data 
storage cartridge having data storage media , said programmable 
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computer processor mounted in said data storage cartridge 
separate from said data storage media / said data storage 
cartridge having data storage media for storing data for 
read/write access by a user of a data storage drive when mounted 
in said data storage drive, and a wireless interface mounted in 
said portable data storage cartridge for receiving power and data 
from, and sending data to, said data storage drive when mounted 
in said data storage drive, said computer program product 
comprising: 

computer readable program code which causes said 
programmable computer processor to provide a user table 
comprising at least a unique user identifier for each authorized 
user and at least one permitted activity said user is authorized 
to conduct with respect to said data storage media, said user 
identifier, when combined with a user authentication message from 
said authorized user in accordance with a predetermined 
algorithm, authorizes said user; 

computer readable program code which causes said 
programmable computer processor to receive said user 
authentication messages from said data storage drive via said 
wireless interface; 

computer readable program code which causes said 
programmable computer processor to , separate from said data 
storage media, combine said user authentication message with at 
least part of said user identifier from said user table in 
accordance with said predetermined algorithm to authorize or deny 
said user activity; and 

computer readable program code which causes said 
programmable computer processor to transmit said user 
authorization or denial to said data storage drive via said 
wireless interface . 

41 . (Original) The computer program product of Claim 40, wherein 
each said user identifier comprises a user symbol and a user 
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decrypting key, wherein said user authentication message 
comprises an encrypted user authentication message which may be 
decrypted by said user decrypting key, and wherein said computer 
readable program code additionally causes said programmable 
computer processor to conduct said combination by decrypting said 
user authentication message by said user decrypting key. 

42 . (Original) The computer program product of Claim 41, wherein 
said user decrypting key comprises a sender public key, and 
wherein said predetermined algorithm comprises a public key 
cryptographic algorithm. 

43. (Original) The computer program product of Claim 42, wherein 
said user authentication message is encrypted by a sender private 
key and a receiver public key, wherein said public key 
cryptographic algorithm decrypts said user authentication message 
employing a receiver private key and said sender public key, and 
wherein said computer readable program code additionally causes 
said programmable computer processor, in conducting said 
combination, to decrypt said user authentication message by said 
receiver private key and said sender public key, whereby said 
user authentication message is known to have come from said user. 

44 . (Original) The computer program product of Claim 40, wherein 
said computer readable program code additionally causes said 
programmable computer processor to provide in said user table a 
plurality of said permitted activities, selected ones of which 
each of said users may be authorized to conduct, said permitted 
activities comprising 1) read access to data stored in said data 
storage media, 2) write access to data stored in said data 
storage media, 3) read the user entry of said user table, 4) read 
all entries of said user table, 5) add entries to said user 
table, and 6) change/delete entries to said user table. 
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45. (Original) The computer program product of Claim 40, wherein 
said computer readable program code additionally causes said 
programmable computer processor to provide in said user table a 
separate entry for each said user identifier and said permitted 
activity said user is authorized to conduct. 

46. (Original) The computer program product of Claim 40, wherein 
said computer readable program code additionally causes said 
programmable computer processor to provide in said user table a 
separate entry for each said user identifier, said entry 
comprising all said permitted activities said user is authorized 
to conduct . 

47. (Original) The computer program product of Claim 40, wherein 
said computer readable program code additionally causes said 
programmable computer processor: 

to provide a class table comprising at least a unique class 
identifier for each authorized class of users and at least one 
permitted activity said class of users is authorized to conduct 
with respect to said data storage media, said class identifier, 
when combined with a user authentication message from a user of 
said authorized class of users in accordance with said 
predetermined algorithm, authorizes said user; 

in conducting said combination, upon receiving said user 
authentication messages from said data storage drive via said 
wireless interface, to combine said user authentication message 
with said class identifier from said class table in accordance 
with said predetermined algorithm to authorize or deny said class 
activity to said user; and 

in conducting said transmission, to transmit said class 
authorization or denial to said data storage drive via said 
wireless interface . 
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48. (Original) The computer program product of Claim 47, wherein 
said computer readable program code additionally causes said 
programmable computer processor to provide in said user table any 
class membership of each said user, wherein said user may be 
authorized with respect to said class table either by said class 
authorization or by said user authorization, 

49. (Original) The computer program product of Claim 47, wherein 
said computer readable program code additionally causes said 
programmable computer processor to provide in said user table and 
said class table a plurality of permitted activities, selected 
ones of which each of said users may be authorized to conduct, 
said permitted activities comprising 1) read access to data 
stored in said data storage media, 2) write access to data stored 
in said data storage media, 3) read all entries of said class 
table, 4) add entries to said class table, and 5) change/delete 
entries to said class table. 

50. (Original) The computer program product of Claim 40, wherein 
said data stored in said data storage media is encrypted, and 
wherein said computer readable program code additionally causes 
said programmable computer processor to provide in said user 
table permitted activities comprising at least 1) read access to 
data stored in said data storage media, and wherein said computer 
readable program code additionally causes said programmable 
computer processor to transmit in said user authorization for 
said read access, a decryption key for said encrypted stored 
data. 
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51. (new) A portable data storage cartridge, comprising: 

a wireless interface mounted in said portable data storage 
cartridge configured to receive power and data from, and send 
data to, a data storage drive, when in said data storage drive; 

data storage media; and 

a portable security system that resides in said portable 
data storage cartridge, comprising: 

a computer processor system residing in said portable 
data storage cartridge and configured to communicate with 
said wireless interface, and configured to receive power 
from said wireless interface; and 

a security system configured for operation of said 
portable data storage cartridge computer processor system 
arranged to authenticate each of separate users by combining 
a user authentication message received via said wireless 
interface, with a user identifier of a plurality of user 
identifiers previously stored by said computer processor 
system, said user identifiers comprising at least a unique 
user identifier for each authorized user, said combining in 
accordance with a predetermined algorithm of said security 
system. 

52. (new) The portable data storage cartridge of Claim 51, 
wherein said portable data storage cartridge computer processor 
system is configured to store said user identifiers of said 
separate users in a user table of said computer processor system, 
said user table comprising said at least a unique user identifier 
for each authorized user and at least one permitted activity said 
user is authorized to conduct with respect to said data storage 
media, said security system combining said user authentication 
message with at least part of said user identifier from said user 
table in accordance with said predetermined algorithm to 
authorize or deny said user activity. 
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53. (new) The portable data storage cartridge of Claim 52, 
wherein said portable data storage cartridge security system is 
arranged to operate said computer processor system to communicate 
user authentication or denial via said wireless interface. 

54. (new) The portable data storage cartridge of Claim 52, 
wherein said computer processor system user table permitted 
activities comprise a plurality of permitted activities, selected 
ones of which each of said users may be authorized to conduct, 
said permitted activities comprising 1) read access to data 
stored in said data storage media, 2) write access to data stored 
in said data storage media, 3) read the user entry of said user 
table, 4) read all entries of said user table, 5) add entries to 
said user table, and 6) change/delete entries to said user table. 

55. (new) The portable data storage cartridge of Claim 52, 
wherein data stored in said data storage media is encrypted, 
wherein said computer processor system user table permitted 
activities comprise at least 1) read access to data stored in 
said data storage media, and wherein said user authorization for 
said read access additionally comprises a decryption key for said 
encrypted stored data. 

56. (new) The portable data storage cartridge of Claim 51, 
wherein said portable data storage cartridge security system is 
arranged such that each said previously stored user identifier 
comprises a user symbol and a user decrypting key, wherein said 
user authentication message comprises an encrypted user 
authentication message which may be decrypted by said user 
decrypting key, and wherein said portable data storage cartridge 
security system predetermined algorithm conducts said combination 
by decrypting said user authentication message by said user 
decrypting key. 
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57. (new) The portable data storage cartridge of Claim 56, 
wherein said user decrypting key comprises a sender public key, 
and wherein said predetermined algorithm comprises a public key 
cryptographic algorithm. 

58. (new) The portable data storage cartridge of Claim 57, 
wherein said user authentication message is encrypted by a sender 
private key and a receiver public key, and wherein said public 
key cryptographic algorithm decrypts said user authentication 
message employing a receiver private key and said sender public 
key, whereby said user authentication message is known to have 
come from said user. 

59. (new) A portable security system configured to reside in a 
portable data storage cartridge, said portable data storage 
cartridge comprising a wireless interface mounted in said 
portable data storage cartridge configured to receive power and 
data from, and send data to, a data storage drive, when in said 
data storage drive; and data storage media; said portable 
security system comprising: 

a computer processor system configured to reside in said 
portable data storage cartridge, configured to communicate with 
said wireless interface, and configured to receive power from 
said wireless interface; and 

a security system configured for operation of said computer 
processor system arranged to authenticate each of separate users 
by combining a user authentication message received via said 
wireless interface, with a user identifier of a plurality of user 
identifiers previously stored by said computer processor system, 
said user identifiers comprising at least a unique user 
identifier for each authorized user, said combining in accordance 
with a predetermined algorithm of said security system. 
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60. (new) The portable security system of Claim 59, wherein said 
computer processor system is configured to store said user 
identifiers of said separate users in a user table of said 
computer processor system, said user table comprising said at 
least a unique user identifier for each authorized user and at 
least one permitted activity said user is authorized to conduct 
with respect to said data storage media, said security system 
combining said user authentication message with at least part of 
said user identifier from said user table in accordance with said 
predetermined algorithm to authorize or deny said user activity. 

61. (new) The portable security system of Claim 60, wherein said 
security system is arranged to operate said computer processor 
system to communicate user authentication or denial via said 
wireless interface . 

62. (new) The portable security system of Claim 60, wherein said 
computer processor system user table permitted activities 
comprise a plurality of permitted activities, selected ones of 
which each of said users may be authorized to conduct, said 
permitted activities comprising 1) read access to data stored in 
said data storage media, 2) write access to data stored in said 
data storage media, 3) read the user entry of said user table, 4) 
read all entries of said user table, 5) add entries to said user 
table, and 6) change/delete entries to said user table. 

63. (new) The portable security system of Claim 60, wherein data 
stored in said data storage media is encrypted, wherein said 
computer processor system user table permitted activities 
comprise at least 1) read access to data stored in said data 
storage media, and wherein said user authorization for said read 
access additionally comprises a decryption key for said encrypted 
stored data. 



20 



TUC919990050US1 



Appl. No.: 09/435,899 

Amdt. dated: December 1, 2005 

Reply to Office action of 09/12/2005 

64. (new) The portable security system of Claim 59, wherein said 
security system is arranged such that each said previously stored 
user identifier comprises a user symbol and a user decrypting 
key, wherein said user authentication message comprises an 
encrypted user authentication message which may be decrypted by 
said user decrypting key, and wherein said security system 
predetermined algorithm conducts said combination by decrypting 
said user authentication message by said user decrypting key. 

65. (new) The portable security system of Claim 64, wherein said 
user decrypting key comprises a sender public key, and wherein 
said predetermined algorithm comprises a public key cryptographic 
algorithm. 

66. (new) The portable security system of Claim 65, wherein said 
user authentication message is encrypted by a sender private key 
and a receiver public key, and wherein said public key 
cryptographic algorithm decrypts said user authentication message 
employing a receiver private key and said sender public key, 
whereby said user authentication message is known to have come 
from said user. 
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